This story is part of londonbusinessblog.com’s Most creative people in business 2022. See the full list of innovators who made breakthroughs this year and made an impact on the world around us.
As Microsoft’s corporate VP for customer security and trust, Tom Burt leads the company’s division that protects customers, individuals, businesses and governments from cyberattacks. That means protecting their data not only from common thieves and fraudsters, but also from some of the most formidable digital enemies: hackers backed by powerful governments, including the Russia-affiliated groups that carried out cyber attacks in Ukraine last spring. Engineering is, of course, a big part of those efforts.
But Burt, the former chief of Microsoft’s litigation department, is a lawyer, not a programmer, and his background has proven useful in conducting cyber-fights. He helped to thwart the Ukrainian attacks by calling on the U.S. legal system to quickly seize and remove seven Internet domain names used to control and monitor malware, and initiate a legal process his team has been tightening against Russian hackers since 2016 (the same tech helped Microsoft secure more than 100 servers linked to a Russian-speaking ransomware group ahead of the 2020 US elections)
Burt’s work often requires negotiation skills – and diplomacy. “Every time we see a new attack on an agency, company or organization in Ukraine, we quickly provide that information about threats to Ukrainian officials,” he says. His team coordinated with the US and Ukrainian governments on when to reveal Russian attacks, and it has worked with countries and private companies around the world in recent years to advocate for a Geneva Digital Convention that would create standards for how countries conduct cyber warfare.
To protect Microsoft customers, Burt also occasionally sparred directly with government officials. He appeared before the House Judiciary Committee last summer, for example, argue against the use of gag orders by the government to prevent companies from letting customers know when law enforcement asks for their private information. Burt says it’s the nature of the job. “Sometimes We’re on the Other Side” [of the government]but the next day we’re working with that same agency on ‘How can we take out this cybercriminal?’”